1. Field of the Invention
The present invention relates to data processing apparatuses and methods, and in particular to managing accesses to secure and non-secure data in memory.
2. Description of the Prior Art
It is often the case that the data items (e.g. instructions or data values) used by at least one of the applications running on a processor are sensitive data items that should not be accessible by other applications that can be run on the processor. An example would be where the data processing apparatus is a smart card, and one of the applications is a security application which uses sensitive data, such as for example secure keys, to perform validation, authentication, decryption and the like. It is clearly important in such situations to ensure that such sensitive data are kept secure so that they cannot be accessed by other applications, for example hacking applications that have been loaded onto the data processing apparatus with the purpose of seeking to access those secure data.
In known systems, it has typically been the job of the operating system developer to ensure that the operating system provides sufficient security to ensure that the secure data of one application cannot be accessed by other applications running under the control of the operating system. However, as systems become more complex, the general trend is for operating systems to become larger and more complex, and in such situations it becomes increasingly difficult to ensure sufficient security within the operating system itself.
As a consequence, to seek to alleviate the reliance on operating system security, it is known to provide a system in which the data processing apparatus is provided with separate domains, these domains providing a mechanism for handling security at the hardware level. Such a system is described for example in commonly assigned co-pending U.S. Pat. No. 7,305,534, the contents of which are herein incorporated by reference, this application describing a system having a secure domain and a non-secure domain. In that system, the non-secure and secure domains in effect establish separate worlds, with the secure domain providing a trusted execution space separated by hardware enforced boundaries from other execution spaces, and likewise the non-secure domain providing a non-trusted execution space. A program executing in a specified non-secure domain does not have access to data identified as secure. Each access request then has a domain security signal associated therewith identifying whether the access is a secure access or a non-secure access.
If the data processing apparatus contains a storage device (e.g. a cache) which is accessible to programs executing either in a secure or a non-secure domain, then mechanisms need to be in place to ensure that data stored in such a device for access by a program operating in a secure domain is not accessible to a program operating in a non-secure domain. Commonly assigned U.S. Pat. No. 7,340,573, the contents of which are herein incorporated by reference, describes a data processing apparatus, in which an additional flag is set in a cache line, indicating the security of the corresponding data. When a cache line's worth of data is written in the cache (typically as part of a linefill process), the associated flag is set to identify whether the data pertains to a secure memory access or to a non-secure memory access. Access to a data item in the cache is then restricted by reference to the flag, such that an access request whose domain security signal indicates it is a secure access can only reference secure cache lines as indicated by the associated flag(s), and similarly an access request whose domain security signal indicates it is a non-secure access can only reference non-secure cache lines as indicated by the associated flag(s). Such an approach hence prevents a process operating in the non-secure domain from accessing any entries in the cache whose associated flag indicates that it contains secure data. This provision avoids the need to flush the cache prior to a processor which has access thereto making a transition from secure domain operation to non-secure domain operation.
Whilst such systems serve to protect the security of the secure data, it may in fact be the case that some sharing of data between secure and non-secure domains is desirable. One example of this would be a decryption process, which itself must operate in the secure domain, but produces decrypted data which it may be appropriate to make accessible to non-secure processes. Such data should be written to a non-secure memory region from where it can be accessed by the non-secure process.
It is known to provide processors which can operate in both secure and non-secure domains (with special monitor code being used to manage the transition from one domain to the other). In one such system a program operating in the secure domain can issue an access request to non-secure memory and mark that data access request as non-secure even though it is issued from the secure domain. This enables a secure process to write data to a non-secure memory location and, if that data is held in the cache, for the flag of the relevant cache line to be marked as non-secure, such that a subsequent non-secure process executing on the processor (or indeed on a different processor) may have access to it from the cache.
However, the complexity of a processor which supports both secure and non-secure domains may not only be unnecessary for many applications, but may also present a potential security vulnerability, since its ability to execute processes in either the secure or the non-secure domain could be the subject of a hacking attack. Furthermore, it would be advantageous to avoid having to provide the additional logic associated with the ability of a processor to operate in both secure and non-secure domains. However, a processor which is fixed in one security domain (e.g. the secure domain) will not have the ability to generate different domain security signals, and indeed will not typically be aware of the multiple domains within the system. Accordingly, this causes a problem if data used by that fixed domain processor is to be shared with another processor operating in another domain. Assuming by way of example that a fixed domain processor was operating in the secure domain, all access requests emanating from it could be tagged externally as secure accesses. If data is to be shared with a non-secure process, such secure accesses would need to be allowed to access non-secure memory regions. However, even if such accesses are allowed, a problem arises if a cache is used, since any data stored in the cache as a result of the activities of the fixed secure processor will have the corresponding cache line flag marked as secure, and hence will not be visible to the non-secure process. One possible solution to this problem would be to cause this processor to use a non-cacheable region of non-secure memory which would allow both secure and non-secure accesses, yet this solution forfeits the speed gain and power saving benefits of using a cache.
Accordingly, it would be desirable to provide a technique which enabled a simplified processor to operate without the ability itself to transition between security domains, yet retain flexible operation within a data processing apparatus where both secure and non-secure domains and data exist.
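The following is an added illustrative model, not code from the patent or from the referenced ARM patents, of the per-line security flag described in the prior-art discussion above: a linefill stamps the line with the requester's domain security signal, a lookup hits only when that flag matches the requesting domain, and the final function reproduces the sharing problem of the fixed-domain secure processor. The address, data value and direct-mapped layout are constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Domain security signal accompanying every access request. */
enum domain { NONSECURE = 0, SECURE = 1 };

/* A cache line carrying the additional security flag (constructed model). */
struct line {
    bool valid;
    uint32_t tag;      /* full address; one word per line in this toy model */
    enum domain flag;  /* set at linefill from the requester's domain signal */
    uint32_t data;
};

#define NLINES 8
static struct line cache[NLINES];

static size_t index_of(uint32_t addr) { return (addr >> 2) % NLINES; }

void cache_reset(void) { memset(cache, 0, sizeof cache); }

/* Linefill: the line inherits the security signal of the request that caused it. */
void cache_fill(uint32_t addr, enum domain sig, uint32_t data) {
    struct line *l = &cache[index_of(addr)];
    l->valid = true; l->tag = addr; l->flag = sig; l->data = data;
}

/* Lookup: a hit requires the address to match AND the line's flag to equal the
 * domain security signal of the request; otherwise the line is invisible. */
bool cache_lookup(uint32_t addr, enum domain sig, uint32_t *out) {
    const struct line *l = &cache[index_of(addr)];
    if (!l->valid || l->tag != addr || l->flag != sig) return false;
    *out = l->data;
    return true;
}

/* Scenario from the text: a writer whose accesses are tagged `writer_sig` stores
 * a decrypted word at a constructed non-secure address; a non-secure reader then
 * tries to fetch it from the cache. Returns true if the reader can see it.
 * A fixed-domain secure processor (writer_sig == SECURE) leaves the line flagged
 * secure, so the non-secure reader misses even though the address is non-secure. */
bool shared_word_visible_to_nonsecure(enum domain writer_sig) {
    const uint32_t SHARED_ADDR = 0x80001000u;  /* constructed sample address */
    uint32_t v;
    cache_reset();
    cache_fill(SHARED_ADDR, writer_sig, 0xDEC0DED1u);
    return cache_lookup(SHARED_ADDR, NONSECURE, &v) && v == 0xDEC0DED1u;
}
```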